MDKSA-2000:047

Package name

pam

Date

2000-09-12

Advisory ID

MDKSA-2000:047

Affected versions

6.1 i586 , 6.0 i586 , 7.0 i586 , 7.1 i586

Problem description

A bug exists in two PAM modules: pam_smb and pam_ntdom. They are pluggable authentication modules that allow authentication of usernames and passwords in PAM-compatible environments against Windows and Samba. Both modules contain remotely exploitable stack buffer overflows. This bug allows an attacker to execute arbitary code as root. The versions affected are: pam_smb < 1.1.6 and pam_ntdom < 0.24. Linux-Mandrake does not ship with either the pam_smb or pam_ntdom modules and is therefore not vulnerable to this exploit. Linux-Mandrake users who have installed this package on their own are encouraged to upgrade to the latest versions available: pam_smb 1.1.6 at ftp://ftp.samba.org/pub/samba/pam_smb/ pam_ntdom 0.24 at http://cb1.com/~lkcl/pam-ntdom/

Updated packages

6.1 i586

 na 6.1/RPMS/na

6.0 i586

 na 6.0/RPMS/na

7.0 i586

 na 7.0/RPMS/na

7.1 i586

 na 7.1/RPMS/na